
AMERICAN INTERNATIONAL UNIVERSITY
SCHOOL OF ENGINEERING AND COMPUTING
CSC495 - Senior Computer Project

Spring 2024
Deliverable: Progress Report 2
Submission Date: 11/5/2024
Team Members:
- Yousef Alduwaisan: 201000075

Table of Contents

1. Introduction
1.1. Overview
1.2. Motivation
1.3. Problem statement
1.4. Aim and Objectives
1.5. Expected Output
1.6. Hardware and Software Requirements
1.6.1. Hardware Requirements
1.6.2. Software Requirements
1.7. Schedule
2. Related work
2.1 Research Article
2.2 Gaps in the Related Works
2.3 Proposed Approach
3. Requirement Engineering and Analysis
3.1. Stakeholders
3.2. Functional requirements
3.3. Use Case Diagram
3.4 Use case description
3.4.1. Test URL
3.4.2. Feature Extraction
3.4.3. Test Input
3.5 Non-functional requirements
3.6 constraint
4. Software Architecture & Design
4.1 Software Architecture
4.1.2.3 Physical View
4.1.3 Logical View
4.1.3 Process view
4.1.4 Component detail
4.2. Software design
4.2.1 Use case sequence diagram
4.2.1.1 Feature Extraction
4.2.1.2 URL Input
4.2.2 User Interface Prototype
References

1. Introduction

1.1. Overview

Cross-site scripting (XSS) is a prevalent security vulnerability found in web applications. It occurs when attackers inject malicious scripts into web pages viewed by other users. These scripts can execute in the context of a user's browser, potentially allowing the attacker to steal sensitive information, hijack user sessions, or deface websites. XSS attacks can be classified into three types: stored XSS, reflected XSS, and DOM-based XSS, each with its methods of exploitation.
Mitigating XSS vulnerabilities requires input validation, output encoding, implementing a Content Security Policy (CSP), and adhering to secure development practices. By addressing XSS threats, organizations can safeguard their web applications and protect users from malicious exploitation.

Nowadays, artificial intelligence (AI) plays a crucial role in combating XSS attacks by enabling advanced detection and prevention mechanisms. AI-powered algorithms can analyze web traffic patterns and user behavior to identify anomalous activities indicative of XSS attempts. Machine learning models trained on large datasets of known XSS vulnerabilities can automatically detect and mitigate potential threats in real time. Natural language processing (NLP) techniques enable AI systems to understand and interpret input data, aiding in the identification of malicious scripts embedded within user inputs. Additionally, AI-driven security solutions can adapt and evolve to counter emerging XSS attack vectors, enhancing the overall resilience of web applications against exploitation. As XSS attacks become increasingly sophisticated, the integration of AI into security strategies offers a proactive defense mechanism to safeguard sensitive data and protect users from potential harm.

1.2. Motivation

XSS has been a rising issue in web application development for a while. It can lead to security risks for both website owners and users such as unauthorized access, data theft, and potential harm to users. Addressing XSS is crucial to ensure the integrity and security of web applications. The developed tool could help users test their URLs or some other websites to find any potential vulnerability that could lead to this type of attack which would contribute to the cybersecurity community by enhancing internet safety.

1.3. Problem statement

To address the issue of XSS, a machine-learning approach to detect XSS features from a provided URL is proposed.
Data will be collected and pre-processed to extract the needed features. After that, several models will be trained on the extracted data and tested using evaluation metrics to leverage one model to another. The model with the highest performance would be integrated into a web application that would allow the users to test URLs for potential risks.

1.4. Aim and Objectives

This project aims to develop a web application that will take a URL as text input from the user and will return the prediction of whether this URL may be an XSS attack or not. To reach this aim, the following objectives have been set:

1. Conducting a related work study.
2. Collecting suitable XSS data of cross-site scripting.
3. Data pre-processing and feature extraction of the most important features.
4. Training machine learning models on the extracted features.
5. Evaluating the trained model using the suitable evaluation metrics.
6. Developing a web application that utilizes the trained model.

1.5. Expected Output

The expected output of this project would be a security system or tool (web application) designed to detect and prevent XSS attacks on web applications using machine learning algorithms.
1- Write about the introduction on the first page: divide the overview (AI, cross-site scripting, and combine them) (one slide); motivation and problem statement (one slide); aim and objectives (one slide).
2- Related work: read them all and summarize them, the model they used, the accuracy of each model, and the conclusion (slide); make it a table and talk about the gaps and proposed approach (one slide).
3- Requirements engineering: stakeholders with picture and the use-case diagram on the same slide (both one slide).
4- Functional requirements: put all 8 points (one slide).
5- Use description: take one schedule (test URL) and talk about it in detail (one slide).
6- Non-functional requirements: put them as in the Word document (one slide).
7- Architecture and design: talk about each view (physical, logical, process), explain (1 or 2 slides).